aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLibravatarLibravatar daurnimator <quae@daurnimator.com> 2017-04-03 11:01:54 +1000
committerLibravatarLibravatar daurnimator <quae@daurnimator.com> 2017-04-03 13:27:11 +1000
commit8d91ac802732222ba1b775712543601137d2bf20 (patch)
tree8a6fe937064b08d5ae780980a1addd61fc937144
parentf2f0f09caef1925a4ff731a6feed35b8f355b169 (diff)
downloadluaossl-8d91ac802732222ba1b775712543601137d2bf20.tar.gz
luaossl-8d91ac802732222ba1b775712543601137d2bf20.tar.bz2
luaossl-8d91ac802732222ba1b775712543601137d2bf20.zip
openssl.ssl.context: Add ctx:setCurvesList
-rw-r--r--doc/luaossl.tex6
-rw-r--r--src/openssl.c22
-rw-r--r--src/openssl.ssl.context.lua14
3 files changed, 42 insertions, 0 deletions
diff --git a/doc/luaossl.tex b/doc/luaossl.tex
index 7db7463..72f4d06 100644
--- a/doc/luaossl.tex
+++ b/doc/luaossl.tex
@@ -883,6 +883,12 @@ Sets the private key \module{openssl.pkey} object $key$ for use during SSL conne
Sets the allowed public key and private key algorithm(s). The string format is documented in the \href{http://www.openssl.org/docs/apps/ciphers.html#CIPHER_LIST_FORMAT}{OpenSSL ciphers(1) utility documentation}.
+\subsubsection[\fn{context:setCurvesList}]{\fn{context:setCurvesList($string$ [, ...])}}
+
+Sets the supported curves. The string format is a list of colon separated curve names similar to \texttt{ctx:setCipherList(...)}. A list of supported curves can be found by running \texttt{openssl ecparam -list\_curves}.
+
+\emph{Only supported since OpenSSL 1.0.2.}
+
\subsubsection[\fn{context:setEphemeralKey}]{\fn{context:setEphemeralKey($key$)}}
Sets \module{openssl.pkey} object $key$ as the ephemeral key during key exchanges which use that particular key type. Typically $key$ will be either a Diffie-Hellman or Elliptic Curve key.
diff --git a/src/openssl.c b/src/openssl.c
index fa7dd79..d679d92 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -254,6 +254,10 @@
#define HAVE_SSL_CTX_GET0_PARAM OPENSSL_PREREQ(1,0,2)
#endif
+#ifndef HAVE_SSL_CTX_SET_CURVES_LIST
+#define HAVE_SSL_CTX_SET_CURVES_LIST (OPENSSL_PREREQ(1,0,2) || LIBRESSL_PREREQ(2,5,1))
+#endif
+
#ifndef HAVE_SSL_CTX_SET_ALPN_PROTOS
#define HAVE_SSL_CTX_SET_ALPN_PROTOS (OPENSSL_PREREQ(1,0,2) || LIBRESSL_PREREQ(2,1,3))
#endif
@@ -7746,6 +7750,21 @@ static int sx_setCipherList(lua_State *L) {
} /* sx_setCipherList() */
+#if HAVE_SSL_CTX_SET_CURVES_LIST
+static int sx_setCurvesList(lua_State *L) {
+ SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
+ const char *curves = luaL_checkstring(L, 2);
+
+ if (!SSL_CTX_set1_curves_list(ctx, curves))
+ return auxL_error(L, auxL_EOPENSSL, "ssl.context:setCurvesList");
+
+ lua_pushboolean(L, 1);
+
+ return 1;
+} /* sx_setCurvesList() */
+#endif
+
+
static int sx_setEphemeralKey(lua_State *L) {
SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
EVP_PKEY *key = checksimple(L, 2, PKEY_CLASS);
@@ -7941,6 +7960,9 @@ static const auxL_Reg sx_methods[] = {
{ "setCertificate", &sx_setCertificate },
{ "setPrivateKey", &sx_setPrivateKey },
{ "setCipherList", &sx_setCipherList },
+#if HAVE_SSL_CTX_SET_CURVES_LIST
+ { "setCurvesList", &sx_setCurvesList },
+#endif
{ "setEphemeralKey", &sx_setEphemeralKey },
#if HAVE_SSL_CTX_SET_ALPN_PROTOS
{ "setAlpnProtos", &sx_setAlpnProtos },
diff --git a/src/openssl.ssl.context.lua b/src/openssl.ssl.context.lua
index 2098b54..3263fb1 100644
--- a/src/openssl.ssl.context.lua
+++ b/src/openssl.ssl.context.lua
@@ -13,4 +13,18 @@ local setCipherList; setCipherList = ctx.interpose("setCipherList", function (se
return setCipherList(self, ciphers)
end)
+-- Allow passing a vararg of curves, or an array
+local setCurvesList = ctx.interpose("setCurvesList", nil)
+if setCurvesList then
+ ctx.interpose("setCurvesList", function (self, curves, ...)
+ if (...) then
+ local curves_t = pack(curves, ...)
+ curves = table.concat(curves_t, ":", 1, curves_t.n)
+ elseif type(curves) == "table" then
+ curves = table.concat(curves, ":")
+ end
+ return setCurvesList(self, curves)
+ end)
+end
+
return ctx